# Connect Workday (LMS) as a Training Provider Sprinto integrates with Workday Learning (LMS) to automatically sync training data such as course completion and user progress. Once connected, Sprinto can track training compliance, trigger campaigns, and map learning records to controls without manual intervention. This integration uses secure API-based authentication and requires configuration within both Sprinto and Workday. *** ### How it Works Sprinto connects to Workday using API credentials generated within your Workday account. The integration is powered via a secure authentication flow that requires specific permissions and scopes. To enable the integration: * You create a credential in Sprinto and initiate the connection. * Sprinto guides you through required permissions and configuration steps. * In Workday, you: * Retrieve your REST API endpoint * Create an Integration System User (ISU) * Assign required domain permissions via a security group * Generate API credentials (Client ID, Client Secret, Refresh Token) Once configured: * Sprinto fetches user and course data from Workday. * Training completion and progress are continuously synced. * Compliance checks are automatically evaluated. *** ### Required Permissions To successfully connect Workday (LMS) with Sprinto, you must grant specific read-only permissions to the Integration System User (ISU) via the assigned security group. Ensure that each permission is configured with the correct access level in **Maintain Permissions for Security Group**. #### Domain Security Policy Permissions
Access TypeDomain
Get OnlyWorker Data: Workers
Get OnlyWorker Data: Public Worker Reports
Get OnlyWorker Data: Current Staffing Information
Get OnlyPerson Data: Work Email
Get OnlySet Up: Learning Catalog
View OnlySet Up: Learning Catalog
Get OnlyReports: Learning Record
View OnlyReports: Learning Record
{% hint style="warning" %} #### Important * Select the **exact access type** (Get Only or View Only) for each domain * Do not assign broader permissions such as *View and Modify* or *Get and Put* * Permissions must be assigned to the **Integration System Security Group** linked to the ISU * After assigning permissions, you must **activate pending security policy changes** for them to take effect {% endhint %} *** ### Use Cases
Use caseDescription
Automate training compliance trackingAutomatically track completion of mandatory training programmes
Centralise training dataConsolidate Workday learning data within Sprinto for audits
Reduce manual effortEliminate manual uploads of training records
Audit readinessProvide verifiable training evidence mapped to controls
Continuous monitoringEnsure ongoing compliance through automated checks
*** ### Dashboard Actions #### Step 1: Navigate to Trainings 1. Log in to the Sprinto dashboard. 2. Navigate to **Data Library → Trainings.**
*** #### Step 2: Add Workday as a Training Provider 1. Click **Add training provider.** 2. In the drawer, locate **Workday (LMS).** 3. Click **Connect.**
*** #### Step 3: Create Credential 1. Select **Credential Type** as *Workday (LMS).* 2. Enter a **Credential Name.** 3. Add a description. 4. Click **Create Credential.**
This opens the Workday connection flow. *** #### Step 4: Review and Approve Permissions 1. Review all requested permissions in the Workday pop-up. 2. Expand each section: * Read users * Read courses * Read course revisions * Read course progressions 3. Click **Continue.**
*** #### Step 5: Add Workday REST API Endpoint 1. In your Workday account, use the **Search** bar at the top and enter **View API Clients**. 2. From the results, click on the **View API Clients** task to open the API Clients page.
3. On the **View API Clients** page, locate the field labelled **Workday REST API Endpoint**. 4. Copy the endpoint value. The URL will follow this format:\ `https://{domain}/ccx/api/v1/{tenant}`
5. Return to Sprinto and paste the copied value into the **Workday REST API Endpoint** field. 6. Click **Continue** to proceed.
*** #### Step 6: Create Integration System User (ISU) 1. In your Workday account, use the **Search** bar at the top and enter **Create Integration System User**. 2. From the results, click on the **Create Integration System User** task.
3. In the dialog that appears, enter the following details: * **Username** for the integration user * **Password** (ensure it meets Workday’s password requirements) 4. (Optional but recommended) Select **Generate Random Password** or create a strong password manually and store it securely. 5. Enable the checkbox **Do Not Allow UI Sessions** to restrict interactive login for this user. 6. You can leave the remaining fields (such as session timeout settings) as default unless your organisation requires specific configurations. 7. Click **OK** to create the Integration System User.
*** #### Step 7: Create Security Group and Assign User 1. In your Workday account, use the **Search** bar at the top and enter **Create Security Group**. 2. From the results, click on the **Create Security Group** task.
3. On the **Create Security Group** screen: 1. Locate the dropdown **Type of Tenanted Security Group.** 2. Select **Integration System Security Group (Unconstrained).** 4. In the **Name** field, enter the same value as the **Integration System User (ISU) username** you created earlier. 5. Click **OK** to create the security group.
6. On the next screen (Edit Security Group): 1. Locate the **Integration System Users** field. 2. Add the ISU you created earlier by searching and selecting the username. 7. (Optional) You can leave other fields such as comments or context type unchanged unless required by your organisation. 8. Click **OK** to save and assign the user to the security group.
*** #### Step 8: Assign Required Domain Permissions 1. In Workday, use the **Search** bar and enter **Maintain Permissions for Security Group**. 2. Select the task **Maintain Permissions for Security Group** from the results.
3. In the window that opens: 1. Ensure the **Operation** is set to **Maintain.** 2. In the **Source Security Group** field, search for and select the security group you created earlier (same name as the ISU). 4. Click **OK** to proceed.
5. You will be redirected to the permissions configuration page. Ensure the tab **Domain Security Policy Permissions** is selected. 6. Click the **“+” (Add)** icon to start adding permissions.
7. For each required permission, repeat the following steps: 1. In the **View/Modify Access** column: * Select the appropriate access type (**Get Only** or **View Only**) from the dropdown. 2. In the **Domain Security Policy** column: * Use the search field to enter the domain name. * Select the correct domain from the search results. 3. See the example image given below.
8. Add the following permissions: * **Get Only**: Worker Data: Workers * **Get Only**: Worker Data: Public Worker Reports * **Get Only**: Worker Data: Current Staffing Information * **Get Only**: Person Data: Work Email * **Get Only**: Set Up: Learning Catalog * **View Only**: Set Up: Learning Catalog * **Get Only**: Reports: Learning Record * **View Only**: Reports: Learning Record 9. Continue adding entries until all required permissions are configured. 10. Once completed, click **OK** to save the permissions. *** #### Step 9: Activate Security Changes 1. In Workday, use the **Search** bar and enter **Activate Pending Security Policy Changes**. 2. Select the task **Activate Pending Security Policy Changes** from the results.
3. In the window that appears: 1. Enter a **comment** describing the changes (optional but recommended) * Example: *Grant ISU required permissions for Sprinto integration* 4. Click **OK**.
5. In the confirmation screen: 1. Review the **Current Security Evaluation Moment** and **Proposed Security Evaluation Moment.** 2. Verify that your recent changes are included. 6. Select the **Confirm** checkbox to approve the changes. 7. Click **OK** to apply the updates.
*** #### Step 10: Create API Client 1. In Workday, use the **Search** bar and enter **Register API Client for Integrations**. 2. Select the task **Register API Client for Integrations** from the results.
3. In the window that appears: * Enter a **Client Name.** * Example: *Sprinto API Client* (or any identifiable name). 4. Enable **Non-Expiring Refresh Tokens** 5. In the **Scope (Functional Areas)** field: * Add the required scopes for LMS integrations: * **Tenant Non-Configurable** * **Staffing** * **Contact Information** * **Learning Core** 6. Click **OK** to create the API client.
*** #### Retrieve Client Credentials 6. After creation, a details page will appear: * Copy and securely store: * **Client ID** * **Client Secret** These values will be required when completing the integration in Sprinto.
*** #### Generate Refresh Token 7. On the same page: 1. Click the **three-dot menu (⋯)** at the top. 2. Navigate to **API Client → Manage Refresh Tokens for Integrations.**
8. In the dialog, select the **Workday Account** (enter the ISU created earlier) 9. Click **OK**.
10. In the next screen, select **Generate New Refresh Token.** 11. Click **OK**.
12. Once the token is generated: 1. Copy the **Refresh Token.** 2. Store it securely for later use in Sprinto.
{% hint style="warning" %} #### Important * The refresh token is required to complete authentication with Sprinto. * Ensure you copy all credentials (**Client ID, Client Secret, Refresh Token**) before exiting the screen. {% endhint %} *** #### Step 11: Complete Integration in Sprinto 1. Enter: * Client ID * Client Secret * Refresh Token 2. Click **Set up integration.**
Once successful, Sprinto begins syncing Workday training data. *** ### Summary By integrating Workday LMS with Sprinto, you enable automated syncing of training data, allowing continuous monitoring of employee learning and compliance. This removes manual effort and ensures audit readiness with real-time evidence collection.